8 matches found
Cross-site Scripting (XSS)
Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the custom SanitizationPolicy if configured with dropforeignnamespaces=False or allowlisted foreign elements such as MathML or SVG or raw-text...
GHSA-R758-8HXW-4845 justhtml: Mutation XSS with custom foreign-namespace sanitization policies
Summary A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...
justhtml: Mutation XSS with custom foreign-namespace sanitization policies
Summary A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...
Cross-site Scripting (XSS)
Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the serialization process of raw-text elements such as script and style when a custom sanitization policy retains these elements. An attacker can...
EUVD-2024-28051
Malicious code in bioql PyPI...
EUVD-2024-28049
Malicious code in bioql PyPI...
CVE-2024-30115
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget...
CVE-2024-30113
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget...